Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
Compilation Date | 2014-Oct-21 15:22:55 |
Detected languages | English - United States |
Comments | Command-line program to download videos from YouTube.com and other video sites |
FileDescription | YouTube video downloader |
FileVersion | 2021.06.06 |
OriginalFilename | youtube-dl.exe |
ProductName | youtube-dl |
ProductVersion | 2021.06.06 |
Info | Matching compiler(s): | Microsoft Visual C++ 6.0 - 8.0 |
Suspicious | Strings found in the binary may indicate undesirable behavior: | Looks for Qemu presence: |
Info | Cryptographic algorithms detected in the binary: | Uses constants related to CRC32; Uses constants related to MD5; Uses constants related to SHA1; Uses constants related to SHA256; Uses known Mersenne Twister constants |
Suspicious | The PE contains functions most legitimate programs don't use. | [!] The program may be hiding some of its imports: |
Malicious | The PE is possibly a dropper. | Resource 1 detected as a PE Executable. |
Malicious | The file contains overlay data. | 5404213 bytes of data starting at offset 0x2a4200. The file contains a Zip Compressed Archive after the PE data. |
Safe | VirusTotal score: 0/64 (Scanned on 2022-06-30 19:43:50) | All the AVs think this file is safe. |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 5 |
TimeDateStamp | 2014-Oct-21 15:22:55 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE |
Magic | PE32 |
---|---|
LinkerVersion | 10.0 |
SizeOfCode | 0x2c00 |
SizeOfInitializedData | 0x2a1200 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000367A (Section: .text) |
BaseOfCode | 0x1000 |
BaseOfData | 0x4000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 5.1 |
ImageVersion | 0.0 |
SubsystemVersion | 5.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x2a7000 |
SizeOfHeaders | 0x400 |
Checksum | 0 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_CUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
USER32.dll | MessageBoxA |
---|---|
SHELL32.dll | SHGetSpecialFolderPathW |
MSVCR100.dll | _lock _except_handler4_common _invoke_watson _controlfp_s _crt_debugger_hook __dllonexit _unlock ?terminate@@YAXXZ __set_app_type _fmode _commode __setusermatherr _configthreadlocale _initterm_e _initterm __winitenv exit _XcptFilter _exit _cexit __wgetmainargs _amsg_exit malloc _strdup strtol wcstombs strncmp free _stricmp realloc memset memcpy _fileno _setmode setvbuf atoi getenv _snwprintf wcsncmp wcsrchr fprintf __iob_func strncpy _onexit |
KERNEL32.dll | IsDebuggerPresent UnhandledExceptionFilter GetCurrentProcess GetSystemTimeAsFileTime GetCurrentProcessId GetCurrentThreadId GetTickCount QueryPerformanceCounter DecodePointer SetUnhandledExceptionFilter EncodePointer HeapSetInformation InterlockedCompareExchange Sleep InterlockedExchange OutputDebugStringA GetModuleHandleW SetDllDirectoryW SetDllDirectoryA GetModuleHandleA HeapAlloc GetThreadLocale lstrlenA GetProcessHeap HeapFree GetProcAddress IsBadReadPtr SetLastError VirtualFree VirtualProtect VirtualAlloc LoadLibraryExW SizeofResource FreeLibrary LoadLibraryA FindResourceA LoadResource LockResource GetModuleFileNameW GetLastError FormatMessageA LocalFree TerminateProcess |
Ordinal | Address |
---|---|
1 | 0x3030 |
2 | 0x32f0 |
3 | 0x31a0 |
4 | 0x3350 |
5 | 0x2d90 |
6 | 0x2dc0 |
7 | 0x2df0 |
8 | 0x2b80 |
9 | 0x32c0 |
10 | 0x2bb0 |
11 | 0x2f70 |
12 | 0x5f14 |
13 | 0x5f18 |
14 | 0x5f1c |
15 | 0x2ca0 |
16 | 0x2c70 |
17 | 0x2e80 |
18 | 0x2fa0 |
19 | 0x3200 |
20 | 0x3000 |
21 | 0x2b50 |
22 | 0x2fd0 |
23 | 0x31d0 |
24 | 0x2eb0 |
25 | 0x30e0 |
26 | 0x3320 |
27 | 0x2c10 |
28 | 0x2c40 |
29 | 0x2f10 |
30 | 0x2f40 |
31 | 0x2e50 |
32 | 0x3290 |
33 | 0x3110 |
34 | 0x3140 |
35 | 0x3070 |
36 | 0x3170 |
37 | 0x30b0 |
38 | 0x2be0 |
39 | 0x2d30 |
40 | 0x2cd0 |
41 | 0x2d60 |
42 | 0x2b20 |
43 | 0x2d00 |
44 | 0x2e20 |
45 | 0x3230 |
46 | 0x3260 |
Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 2021.6.6.0 |
ProductVersion | 1.0.0.1 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
Comments | Command-line program to download videos from YouTube.com and other video sites |
FileDescription | YouTube video downloader |
FileVersion (#2) | 2021.06.06 |
OriginalFilename | youtube-dl.exe |
ProductName | youtube-dl |
ProductVersion (#2) | 2021.06.06 |
Resource LangID | UNKNOWN |
---|---|
Size | 0x48 |
---|---|
TimeDateStamp | 1970-Jan-01 00:00:00 |
Version | 0.0 |
GlobalFlagsClear | (EMPTY) |
GlobalFlagsSet | (EMPTY) |
CriticalSectionDefaultTimeout | 0 |
DeCommitFreeBlockThreshold | 0 |
DeCommitTotalFreeThreshold | 0 |
LockPrefixTable | 0 |
MaximumAllocationSize | 0 |
VirtualMemoryThreshold | 0 |
ProcessAffinityMask | 0 |
ProcessHeapFlags | (EMPTY) |
CSDVersion | 0 |
Reserved1 | 0 |
EditList | 0 |
SecurityCookie | 0x405ad8 |
SEHandlerTable | 0x4041e0 |
SEHandlerCount | 1 |
XOR Key | 0x4813b6c5 |
---|---|
Unmarked objects | 0 |
Imports (VS2010 SP1 build 40219) | 2 |
ASM objects (VS2010 SP1 build 40219) | 1 |
C++ objects (VS2010 SP1 build 40219) | 2 |
Imports (VS2008 SP1 build 30729) | 7 |
Total imports | 89 |
C objects (VS2010 SP1 build 40219) | 26 |
Exports (VS2010 SP1 build 40219) | 1 |
Resource objects (VS2010 SP1 build 40219) | 1 |
Linker (VS2010 SP1 build 40219) | 1 |